<html>
<head>
<meta name="author" content="Kai Oswald Seidler">
<link href="xampp.css" rel="stylesheet" type="text/css">
</head>

<body>
&nbsp;<p>
<h1>XAMPP security</h1>

This page gives you a quick overview of the security status of your XAMPP installation. (Please continue reading after the table.)<p>

<table border=0 cellpadding=0 cellspacing=0><tr valign=top><td bgcolor=#fb7922 valign=top><img src=img/blank.gif width=10 height=0></td><td bgcolor=#fb7922 class=tabhead><img src=img/blank.gif width=250 height=6><br>Subject</td><td bgcolor=#fb7922 class=tabhead><img src=img/blank.gif width=100 height=6><br>Status</td><td bgcolor=#fb7922 valign=top><br><img src=img/blank.gif width=1 height=10></td></tr>
<tr bgcolor=#ffffff valign=middle><td><img src=img/blank.gif width=1 height=20></td><td class=tabval>These XAMPP pages are accessible to everyone over the network</td><td><span class=red>&nbsp;UNSECURE&nbsp;</span></td><td>&nbsp;</td></tr>
<tr bgcolor=#ffffff><td></td><td colspan=1 class=small>Every XAMPP demo page you are looking at right now is accessible to everyone over the network. Anyone who knows your IP address can see these pages.<br><img src=img/blank.gif width=1 height=10></td><td></td><td></td></tr>
<tr valign=bottom><td bgcolor=#ffffff background='img/strichel.gif' colspan=4><img src=img/blank.gif width=1 height=1></td></tr>
<tr bgcolor=#ffffff valign=middle><td><img src=img/blank.gif width=1 height=20></td><td class=tabval>MySQL is accessible over the network</td><td><span class=red>&nbsp;UNSECURE&nbsp;</span></td><td>&nbsp;</td></tr>
<tr bgcolor=#ffffff><td></td><td colspan=1 class=small>This is a potential, or at least theoretical, security hole. If you care strongly about security, you should disable the network interface of MySQL.<br><img src=img/blank.gif width=1 height=10></td><td></td><td></td></tr>
<tr valign=bottom><td bgcolor=#ffffff background='img/strichel.gif' colspan=4><img src=img/blank.gif width=1 height=1></td></tr>
<tr bgcolor=#ffffff valign=middle><td><img src=img/blank.gif width=1 height=20></td><td class=tabval>The phpMyAdmin user pma has no password</td><td><span class=red>&nbsp;UNSECURE&nbsp;</span></td><td>&nbsp;</td></tr>
<tr bgcolor=#ffffff><td></td><td colspan=1 class=small>phpMyAdmin saves your preferences in an extra MySQL database. To access this data, phpMyAdmin uses the special user pma. In the default installation this user has no password set; to avoid any security problems you should give it a password.<br><img src=img/blank.gif width=1 height=10></td><td></td><td></td></tr>
<tr valign=bottom><td bgcolor=#ffffff background='img/strichel.gif' colspan=4><img src=img/blank.gif width=1 height=1></td></tr>
<tr bgcolor=#ffffff valign=middle><td><img src=img/blank.gif width=1 height=20></td><td class=tabval>The MySQL user root has no password</td><td><span class=red>&nbsp;UNSECURE&nbsp;</span></td><td>&nbsp;</td></tr>
<tr bgcolor=#ffffff><td></td><td colspan=1 class=small>Every local user on the Linux box can access your MySQL database with administrator rights. You should set a password.<br><img src=img/blank.gif width=1 height=10></td><td></td><td></td></tr>
<tr valign=bottom><td bgcolor=#ffffff background='img/strichel.gif' colspan=4><img src=img/blank.gif width=1 height=1></td></tr>
<tr bgcolor=#ffffff valign=middle><td><img src=img/blank.gif width=1 height=20></td><td class=tabval>The FTP password for user nobody is still 'lampp'</td><td><span class=red>&nbsp;UNSECURE&nbsp;</span></td><td>&nbsp;</td></tr>
<tr bgcolor=#ffffff><td></td><td colspan=1 class=small>As long as the FTP user nobody keeps the default password, anyone can upload and change files on your XAMPP webserver. If you have enabled ProFTPD, you should set a new password for user nobody.<br><img src=img/blank.gif width=1 height=10></td><td></td><td></td></tr>
<tr valign=bottom><td bgcolor=#fb7922></td><td bgcolor=#fb7922 colspan=3><img src=img/blank.gif width=1 height=8></td><td bgcolor=#fb7922></td></tr></table>
<p>Items marked green are secure, items marked red are definitely insecure, and items marked yellow could not be checked (for example, because the software to be checked isn't running).<p>To fix all of these issues, simply run<p><b>/opt/lampp/lampp security</b><p>This will start an interactive program.<p>

</body>
</html>
